Over the past decades, Ethernet has become an alternative technology to the field buses traditionally used in industrial control systems and distributed measurement systems. Among the transmission media in the Ethernet standards, optical fiber provides the best bandwidth, excellent immunity to electromagnetic interference, and lower signal loss than other wired media. Because no standard provides security at the physical layer of optical Ethernet links, the main motivation of this paper is to propose and implement the modifications necessary to introduce encryption in the Ethernet 1000Base-X standard. The approach consists of symmetric stream encryption of the 8b10b symbol flow at the physical coding sublayer level, using a keystream generator based on a chaotic algorithm. The overall system has been implemented and tested in a field-programmable gate array, and Ethernet traffic has been encrypted and transmitted over an optical link. The experimental results show that it is possible to cipher traffic at this level and hide the complete Ethernet traffic pattern from passive eavesdroppers. In addition, encryption introduces no space overhead in data frames, so the maximum throughput is achieved.